Squid Web Cache wiki

Squid Web Cache documentation

๐Ÿ”— Configuring Transparent Interception with Fedora Core Linux and WCCPv2

๐Ÿ”— Outline

This configuration for a Fedora Core Linux 2.6.18 box running Squid and receiving WCCPv2 traffic through ip_gre. It is expected that another device will perform the WCCPv2 routing and forward it to this box for processing.

๐Ÿ”— Fedora Core WCCPv2 configuration

The GRE packets are sourced from one of the IPs on the router - Iโ€™m guessing its the โ€œRouter Identifierโ€. This may not be the local ethernet IP (so in this case it isnโ€™t

๐Ÿ”— /etc/sysctl.conf

# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 0
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

๐Ÿ”— /etc/sysconfig/network-scripts/ifcfg-gre0


By configuring the interface like this, it automatically comes up at boot, and the module is loaded automatically. I can additionally ifup or ifdown the interface at will. This is the standard Fedora way of configuring a GRE interface.

๐Ÿ”— Fedora Core Intercept configuration

Then you need to redirect the packets coming in the gre0 interface to the Squid application.

๐Ÿ”— /etc/sysconfig/iptables

-A PREROUTING -s -d ! -i gre0 -p tcp -m tcp --dport 80 -j DNAT --to-destination $SQUIDIP:3127

๐Ÿ”— Squid Configuration File

http_port 3127 transparent
wccp2_router $ROUTERIP
# GRE forwarding
wccp2_forwarding_method gre
# GRE return method
wccp2_return_method gre
wccp2_service standard 0

๐Ÿ”— What does it all look like?

my operating system runs a GRE tunnel which looks like this:

[root@tornado squid]# ifconfig gre0
gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:  Mask:
          UP RUNNING NOARP  MTU:1476  Metric:1
          RX packets:449 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:20917 (20.4 KiB)  TX bytes:0 (0.0 b)

my router sees the cache engine, and tells me how much traffic it has switched through to the cache:

router#show ip wccp web-cache
Global WCCP information:
    Router information:
        Router Identifier:         
        Protocol Version:                    2.0
    Service Identifier: web-cache
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Total Packets s/w Redirected:        1809
          Process:                           203
          Fast:                              1606
          CEF:                               0
        Redirect access-list:                -none-
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            0
        Group access-list:                   -none-
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0
router#show ip wccp web-cache detail
WCCP Client information:
        WCCP Client ID:
        Protocol Version:        2.0
        State:                   Usable
        Initial Hash Info:       00000000000000000000000000000000
        Hash Allotment:          256 (100.00%)
        Packets s/w Redirected:  449
        Connect Time:            13:51:42
        Bypassed Packets
          Process:               0
          Fast:                  0
          CEF:                   0

โš ๏ธ Disclaimer: Any example presented here is provided "as-is" with no support
or guarantee of suitability. If you have any further questions about
these examples please email the squid-users mailing list.

Categories: ConfigExample

Navigation: Site Search, Site Pages, Categories, ๐Ÿ”ผ go up